class OembedPlugin extends Plugin
{
// settings which can be set in config.php with addPlugin('Oembed', array('param'=>'value', ...));
+ // WARNING, these are _regexps_ (slashes added later). Always escape your dots and end your strings
public $domain_whitelist = array( // hostname => service provider
- 'i.ytimg.com' => 'YouTube',
+ '^i\d*\.ytimg\.com$' => 'YouTube',
+ '^i\d*\.vimeocdn\.com$' => 'Vimeo',
);
public $append_whitelist = array(); // fill this array as domain_whitelist to add more trusted sources
public $check_whitelist = true; // security/abuse precaution
}
/**
- * @return boolean false on no check made, true on success
+ * @return boolean false on no check made, provider name on success
* @throws ServerException if check is made but fails
*/
protected function checkWhitelist($url)
}
$host = parse_url($url, PHP_URL_HOST);
- if (!in_array($host, array_keys($this->domain_whitelist))) {
- throw new ServerException(sprintf(_('Domain not in remote thumbnail source whitelist: %s'), $host));
+ foreach ($this->domain_whitelist as $regex => $provider) {
+ if (preg_match("/$regex/", $host)) {
+ return $provider; // we trust this source, return provider name
+ }
}
- return true; // we trust this source
+ throw new ServerException(sprintf(_('Domain not in remote thumbnail source whitelist: %s'), $host));
}
protected function storeRemoteFileThumbnail(File_thumbnail $thumbnail)
$thumbnail->filename = $filename;
$thumbnail->width = $info[0]; // array indexes documented on php.net:
$thumbnail->height = $info[1]; // https://php.net/manual/en/function.getimagesize.php
- if (!$thumbnail->update($orig)) {
- unlink($fullpath); // delete the file if database failed to write
- throw new ServerException(_('Failed to update remotely downloaded file info in database.'));
- }
+ // Throws exception on failure.
+ $thumbnail->updateWithKeys($orig, 'file_id');
}
public function onPluginVersion(array &$versions)
projects / quix0rs-gnu-social.git / blobdiff